Lucene search
K

236 matches found

Github Security Blog
Github Security Blog
added 2025/11/05 4:37 p.m.10 views

runc container escape via "masked path" abuse due to mount race conditions

Impact The OCI runtime specification has a maskedPaths feature that allows for files or directories to be "masked" by placing a mount on top of them to conceal their contents. This is primarily intended to protect against privileged users in non-user-namespaced from being able to write to files o...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References7Affected Software1
Snyk
Snyk
added 2025/11/05 4:37 p.m.3 views

Race Condition Enabling Link Following

Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to Race Condition Enabling Link Following via a race condition in the maskedPaths feature. An attacker can gain unauthorized access to host files,...

8.2CVSS7.6AI score0.0067EPSS
Exploits2References3
OSV
OSV
added 2025/11/05 9:0 a.m.4 views

UBUNTU-CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

7.8CVSS6.8AI score0.0067EPSS
Exploits2References4
OSV
OSV
added 2025/11/05 9:0 a.m.5 views

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.6AI score0.00523EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.7 views

PT-2025-45166

Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below Description Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occu...

10CVSS6.6AI score0.00236EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-45350

Name of the Vulnerable Software and Affected Versions runc versions 1.2.0 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.1 runc versions 1.4.0-rc.1 through 1.4.0-rc.2 Description runc is a CLI tool for spawning and running containers according to the OCI specification. A race condition in the...

7.8CVSS6.8AI score0.0067EPSS
Exploits2References169
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.4 views

PT-2025-45373

Name of the Vulnerable Software and Affected Versions runc versions 1.0.0-rc3 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.2 runc versions 1.4.0-rc.1 through 1.4.0-rc.2 Description Insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside a container allow an attacker to tri...

8.4CVSS6.7AI score0.00523EPSS
Exploits1References158
RedHat Linux
RedHat Linux
added 2025/10/16 11:3 a.m.7 views

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS5.8AI score0.00596EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-5104

Malware in sbrugna...

7.2CVSS6.5AI score0.00368EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-0818

Malware in sbrugna...

3.7CVSS6AI score0.00413EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2025/10/01 4:38 p.m.13 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.18.25 packages and security update

Red Hat OpenShift Container Platform release 4.18.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

7.4CVSS5.8AI score0.00596EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/10/01 4:38 p.m.5 views

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS5.8AI score0.00596EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/10/01 1:18 p.m.6 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.49 packages and security update

Red Hat OpenShift Container Platform release 4.16.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

8.1CVSS6.8AI score0.01008EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/01 12:0 a.m.6 views

RHEL 8 / 9 : OpenShift Container Platform 4.16.49 (RHSA-2025:16724)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16724 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

7.4CVSS5.7AI score0.00596EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/09/17 11:25 p.m.5 views

SUSE CVE-2025-4953

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS6.5AI score0.00596EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.14 views

Podman Creates Temporary File with Insecure Permissions

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS6.5AI score0.00596EPSS
Exploits0References18Affected Software1
OSV
OSV
added 2025/09/16 3:32 p.m.2 views

GHSA-M68Q-4HQR-MC6F Podman Creates Temporary File with Insecure Permissions

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS6.5AI score0.00596EPSS
Exploits0References18
OSV
OSV
added 2025/09/16 3:15 p.m.5 views

CVE-2025-4953

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS6.5AI score0.00596EPSS
Exploits0References16
OSV
OSV
added 2025/09/16 3:15 p.m.6 views

AZL-68054 CVE-2025-4953 affecting package podman for versions less than 5.6.1-2

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS5.8AI score0.00596EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 3:15 p.m.7 views

UBUNTU-CVE-2025-4953

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS5.8AI score0.00596EPSS
Exploits0References4
Rows per page
Query Builder